May 27, 10:40-11:30

Beyond Interactions: Hacking Chatbots Like a Pro 

In an era where AI-driven chatbots seamlessly integrate into our daily lives, it’s high time that we understand the risks caused by vulnerabilities associated with it. Join us on an exciting journey as we break down the complexities of AI chatbot hacking and explore the potential threats hidden below the surface. In this tech talk, we will begin with the basics of AI, then shift into the common vulnerabilities of AI chat bots, and finally deep dive into the top two vulnerable categories. Through a live hacking lab and real-world attack scenarios, we will demonstrate how an attacker leverages AI chatbot vulnerabilities to compromise user privacy, spread misinformation, and perpetrate social engineering attacks. Furthermore, we will discuss some security measures aimed at minimizing these risks, thereby fostering a more secure digital environment accessible to everyone. By the end of this talk, participants will have developed a deeper awareness of the challenges in securing AI chatbots and will be empowered with practical strategies to fortify their systems effectively. Whether you're a cybersecurity professional, AI enthusiast, or simply curious about tech and security, this talk will inform, inspire, and spark a passion for keeping AI communication safe.

May 27, 11:40-12:30

Give me the damn Model for Threat Hunting

A Machine Learning Approach to Threat Hunting in Endpoint and Network Logs The talk will introduce Jupyter Notebooks for large-scale threat hunting. Rather than looking at vast data in a traditional tabular format, we will explore the effectiveness of visualizations, emphasizing graphs, to identify and investigate outliers. The primary area of focus would be Anomaly Detection applied to substantial volume of data to generate Alerts for SOC based on Windows Sysmon Endpoint Logs and Zeek/Suricata Logs.

In this talk, we will identify the anomalies in an environment without ingesting the data into a SIEM or an intelligent application, simply by using a Jupyter Notebook The potential of extracting patterns and deriving meaningful insights from data is vast. And hence, Introducing a detection engineering strategy using Machine Learning and Visualizations to Hunt for Threats in Endpoint and Network Logs. Furthermore, the same strategy could be extended to Hunt for threats in Cloud Environments such as AWS and Azure. The capability of detecting Outliers in an environment within few minutes and converting those into highly effective Alerts with minimal True Positives will be explored in this presentation.

May 27, 1:30 - 2:20

Guardians of Cybersecurity: Deploying IoT devices via Drones and Dropboxes

Alex and Brad's fascination with drones further catalyzed this integration, giving birth to "The Raccoon Squad". This initiative features two groundbreaking devices: the 'Flying Raccoon', representing airborne reconnaissance and intrusion, and the 'Sneaky Raccoon', epitomizing ground-level stealth operations. Through this exploration, we gain insights into the future of integrated security solutions that seamlessly blend digital prowess with tangible, real-world applications.

May 27, 2:30-3:20

Bypassing Next Generation Firewalls’ Layer 7 Application Policy

As a security community and hackers, our major focus is usually on vulnerabilities affecting operating systems and software running on devices. Not so often do we put a light on protocols we have been using for years or practices we have been following. Then eventually, one day, we may realize that some expensive security solutions we trust for our security may extensively rely on some simple assumptions at core. In this presentation, starting with a real-life incident example, Ali will shed light on how common IDS/IPS detection engines rely on the fact that, malicious or not, all networking applications would follow the same logic flow at the socket programming level. Then, by thinking outside of the box, Ali will demonstrate how, by making a small change in the application, malicious traffic can avoid being detected by IDS/IPS engines and therefore bypass Next Generation Firewall’s Layer 7 Application Policy rules. A PoC tool written by Ali will be used to demonstrate a successful reverse shell connection and file exfiltration being performed over some well-known NGFWs despite their Layer 7 application block policies in effect. Following the demo, there will be some suggestions for defenders on how to detect such suspicious traffic as well as how to remediate this issue. The PoC tool will be published following the presentation.

May 27, 3:30-4:20

Beyond Code: Reinforcing CI/CD Pipelines Against Emerging Threats

As modern software development practices evolve, CI/CD pipelines have emerged as a potent, yet under-secured frontier. This has resulted in a shift in focus from attackers, who are exploiting the traditionally overlooked vulnerabilities in the development pipelines. In this presentation, we'll dive into the top CI/CD security risks as identified by OWASP. We'll look at how each attack can be performed, explore potential impacts, and the motives of bad actors. This talk will provide you with pragmatic strategies to strengthen your CI/CD security posture. Join us to transform your CI/CD pipeline from a potential vulnerability into a cornerstone of your security infrastructure.

May 27, 4:30-5:20

We Taught Burp to Speak GraphQL: Automated Security Scanning of Your GraphQL API with Burp 

Rest APIs have been the backbone of webapps for over a decade now, and it’s treated us well. Inevitably, a challenger has approached and is gradually becoming the new industry standard. That is GraphQL, a query a language for your API. But shifts in tech trends also bring another inevitability, new and interesting ways to hack stuff. GraphQL is a growing target, and the pentesting tools have yet to keep up, leaving the criminals with more time and opportunity to probe and exploit vulnerabilities in your web apps. Burp Suite has been the defacto tool for Application Security professionals running DAST scans and penetration tests against web apps, and it’s amazing Active Scan feature badly needed to be able to parse GraphQL. Our new plugin for Burp Suite allows the Active Scanner to competently point it’s library of payloads at a GraphQL API, giving the defenders a chance to detect vulnerabilities before the criminals do.